The bright side of Blaster

Friday, 15 August 2003, 11:43 AM EST

The Blaster worm has infected hundreds of thousands of Windows machines, shut down the Maryland state DMV, put network administrators on overtime, crashed countless consumer's home computers, and on Saturday it will attempt a denial-of-service attack on Microsoft's Windows Update site. But that doesn't make it all bad.

Blaster, also known as MSBlast and LovSan, hit the Internet on Monday, spreading through the RCP DCOM vulnerability discovered by the Polish security research group Last Stage of Delirium earlier this year. The worm is built on dcom.c, one of the public exploit programs that emerged to demonstrate and exercise the flaw in the days and weeks following Microsoft's July 16th advisory. According to data gathered by (SecurityFocus publisher) Symantec's DeepSight network of intrusion detection systems, by Thursday afternoon the worm had infected over 330,000 Windows XP and Windows 2000 machines.

As nasty as that is, security experts say it could have been much worse: the worm is hampered by clumsy construction, and it does not contain a malicious payload to damage victim's files. Moreover, in its reckless tear through cyberspace Blaster is accomplishing what a month of warnings from the security community, an unprecedented mass-e-mail campaign by Microsoft, and two advisories from the Department of Homeland Security all failed to do: it's forcing companies and consumers to install the patch for the serious RPC DCOM vulnerability, shutting down computer intruders who've had their pick of these systems for weeks.

[ Read more ]

Related items


The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Mon, Sep 1st